Web pages behave differently based on the session state. For example, different or additional links may be available to a user who has been authenticated. These additional or different links may not be visible to a guest user, that is, a user that has not been authenticated.
Often, web assessment tools are used to scan entire web sites for various reasons. For example, security assessment tools may be used to scan entire web sites to identify security vulnerabilities so that the defects in the web site can be fixed promptly and effectively. Since the web assessment tools would need to scan the entire web site, if the web assessment tool is not aware of the session state, the web assessment tool may, for instance, scan web pages in a logged out state, and thus may miss links that may be available in the logged in state. When that happens, the coverage achieved by the web assessment tool may be compromised, causing the result of the scan and the effectiveness of the web assessment tool to be affected. A logged out event detection mechanism may be used to keep the web assessment tool up to date with respect to the session state and allow the web assessment tool, for instance, to remain in the logged in state so that accurate scan results may be achieved.